CVSS: 7.9EPSS: 0%CPEs: 24EXPL: 4CVE-2010-4263 – kernel: igb panics when receiving tag vlan packet
https://notcve.org/view.php?id=CVE-2010-4263
The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. La función igb_receive_skb de drivers/net/igb/igb_main.c en el subsistema Intel Gigabit Ethernet (igb) del kernel de Linux en versiones anteriores a la 2.6.34, cuando la virtualización Single Root I/O (SR-IOV) y el modo promiscuo están habilitados pero ninguna VLANs está registrada, permite a atacantes remotos provocar una denegación de servicio (resolución de puntero a NULL y excepción) y posiblemente causar otros impactos a través de un frame etiquetado como VLAN. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=31b24b955c3ebbb6f3008a6374e61cf7c05a193c http://openwall.com/lists/oss-security/2010/12/06/3 http://openwall.com/lists/oss-security/2010/12/06/9 http://secunia.com/advisories/42884 http://secunia.com/advisories/42890 http://secunia.com/advisories/46397 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 http://www.redhat.com/support/errata/RHSA-2011-0007.html http://www.redha • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 6%CPEs: 8EXPL: 0CVE-2010-4526 – kernel: sctp: a race between ICMP protocol unreachable and connect()
https://notcve.org/view.php?id=CVE-2010-4526
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. Condición de carrera en el kernel de Linux 2.6.11-rc2 hasta 2.6.33. Permite a atacantes remotos provocar una denegación de servicio (kernel panic) a través de un mensaje no enrutable ICMP a un socket que ya se encuentra bloqueado por un usuario, lo que provoca que el socket sea liberado y una corrupción de lista. Relacionado con la función sctp_wait_for_connect. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819 http://secunia.com/advisories/42964 http://secunia.com/advisories/46397 http://www.openwall.com/lists/oss-security/2011/01/04/13 http://www.openwall.com/lists/oss-security/2011/01/04/3 http://www.redhat.com/support/errata/RHSA-2011-0163.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/45661 http:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2010-4343 – kernel: bfa driver sysfs crash
https://notcve.org/view.php?id=CVE-2010-4343
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file. drivers/scsi/AMB/bfa_core.c en el kernel de Linux anterior a v2.6.35 no inicializa una estructura de datos en un determinado puerto, lo que permite a usuarios locales causar una denegación de servicio (caída del sistema) a través de las operaciones de lectura en un fichero de estadísticas fc_host. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7873ca4e4401f0ecd8868bf1543113467e6bae61 http://secunia.com/advisories/42884 http://secunia.com/advisories/46397 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.openwall.com/lists/oss-security/2010/12/08/3 http://www.openwall.com/lists/oss-security/2010/12/09/15 http://www.redhat.com/support/errata/RHSA-2011-0017.html http://www.securityfocus.com/archive/1/520102&#x • CWE-665: Improper Initialization •
CVSS: 7.2EPSS: 0%CPEs: 38EXPL: 1CVE-2010-4297 – VMware Tools - Update OS Command Injection
https://notcve.org/view.php?id=CVE-2010-4297
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. La funcionalidad actualizar de VMware Tools en VMware Workstation 6.5.x anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548; VMware Player 2.5.x anteriores a la 2.5.5 build 328052 y 3.1.x anteriores a la 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x anteriores a la 2.0.8 build 328035 y 3.1.x anteriores a la 3.1.2 build 332101; VMware ESXi 3.5, 4.0, y 4.1; y VMware ESX 3.0.3, 3.5, 4.0, y 4.1 permite a los usuarios del SO base escalar privilegios en el SO invitado a través de vectores sin especificar. Relacionado con inyecciones de comandos. • https://www.exploit-db.com/exploits/15717 http://lists.vmware.com/pipermail/security-announce/2010/000112.html http://osvdb.org/69590 http://secunia.com/advisories/42480 http://secunia.com/advisories/42482 http://www.securityfocus.com/archive/1/514995/100/0/threaded http://www.securityfocus.com/bid/45166 http://www.securitytracker.com/id?1024819 http://www.securitytracker.com/id?1024820 http://www.vmware.com/security/advisories/VMSA-2010-0018.html http://www.vupen.com/ • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 26EXPL: 2CVE-2010-2943 – XFS - Deleted Inode Local Information Disclosure
https://notcve.org/view.php?id=CVE-2010-2943
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. La implementación xfs en el kernel Linux, en versiones anteriores a la 2.6.35, no busca la asignación de inodes btrees antes de leer los búfer inode, lo que permite a atacantes remotos autenticados leer ficheros no enlazados o leer o sobreescribir bloques de disco que están asignados actualmente a un fichero activo pero que fueron previamente asignados a un fichero no enlazado, accediendo a un manejador de fichero NFS antiguo. • https://www.exploit-db.com/exploits/15155 http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767 http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768 http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769 http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •